A series of attacks on the largest Jabber servers

    Yesterday, a series of flood attacks began against the largest Ejabberd-based Jabber servers. Attackers distributed a flood bot in conferences on the jabber.ru server. The bot registered random JIDs on various Jabber servers, then drove all of the registered accounts into a newly created conference, where they rapidly joined and left and sent messages, flooding it.

    As a result of the attack, the conference service on several large servers was unavailable.

    A detailed study of the flood bot showed that it included a database of Jabber servers around the world, including servers based on Ejabberd 1.x, whose basic functionality provides no way to restrict registration of JIDs from a single IP address (this option was added in more recent versions of Ejabberd).
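    The per-IP registration restriction mentioned above can be modelled as a minimum interval between accepted registrations from one address. The following is an added example, not Ejabberd code or part of the original article; the 600-second interval, the class and function names, and the sample attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict

REGISTRATION_TIMEOUT = 600  # seconds between registrations per IP (assumed value)


class RegistrationThrottle:
    """Allow one accepted account registration per source IP per timeout."""

    def __init__(self, timeout=REGISTRATION_TIMEOUT):
        self.timeout = timeout
        self.last_accepted = {}           # ip -> time of last accepted registration
        self.rejected = defaultdict(int)  # ip -> number of refused attempts

    def allow(self, ip, now):
        last = self.last_accepted.get(ip)
        if last is not None and now - last < self.timeout:
            # Refused attempts are counted but do not restart the interval.
            self.rejected[ip] += 1
            return False
        self.last_accepted[ip] = now
        return True

    def suspects(self, min_rejected=3):
        """IPs refused often enough to be worth an administrator's attention."""
        return sorted(ip for ip, n in self.rejected.items() if n >= min_rejected)


# Constructed sample: (unix-style timestamp, source IP, requested username).
# One address registers random-looking names in a burst; another behaves normally.
ATTEMPTS = [
    (0, "198.51.100.7", "xk3q9"),
    (2, "198.51.100.7", "p0zl2"),
    (3, "203.0.113.20", "alice"),
    (5, "198.51.100.7", "m4vbt"),
    (9, "198.51.100.7", "qq81z"),
    (700, "198.51.100.7", "r7tye"),
    (900, "203.0.113.20", "bob"),
]


def replay(attempts, throttle):
    """Feed attempts through the throttle; return (username, accepted) pairs."""
    return [(user, throttle.allow(ip, ts)) for ts, ip, user in attempts]


if __name__ == "__main__":
    throttle = RegistrationThrottle()
    for user, accepted in replay(ATTEMPTS, throttle):
        print(f"{user:6} {'accepted' if accepted else 'refused'}")
    print("suspect IPs:", throttle.suspects())
```

    With this limit in place, a burst of registrations from one address yields a single account per interval, and the refused attempts give the administrator a per-IP signal to review.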

    It should be noted that administrators of the largest Jabber servers have by now installed a patch that prevents the denial of service.
